fix: update CVE's severity and store multiple same CVE's in multiple packages

internal/sql/repository/security/CveStoreRepository.go

@@ -30,7 +30,7 @@ type CveStore struct {
 	tableName    struct{} `sql:"cve_store" pg:",discard_unknown_columns"`
 	Name         string   `sql:"name,pk"`
 	Severity     Severity `sql:"severity,notnull"`
-	Package      string   `sql:"package,notnull"`
+	Package      string   `sql:"package,notnull"` // deprecated
 	Version      string   `sql:"version,notnull"`
 	FixedVersion string   `sql:"fixed_version,notnull"`
 	sql.AuditLog

internal/sql/repository/security/ImageScanResultRepository.go

@@ -27,6 +27,7 @@ type ImageScanExecutionResult struct {
 	CveStoreName                string   `sql:"cve_store_name,notnull"`
 	ImageScanExecutionHistoryId int      `sql:"image_scan_execution_history_id"`
 	ScanToolId                  int      `sql:"scan_tool_id"`
+	Package                     string   `sql:"package"`
 	CveStore                    CveStore
 	ImageScanExecutionHistory   ImageScanExecutionHistory
 }

pkg/security/ImageScanService.go

@@ -372,6 +372,10 @@ func (impl ImageScanServiceImpl) FetchExecutionDetailResult(request *ImageScanRe
 				Severity: item.CveStore.Severity.String(),
 				//Permission: "BLOCK", TODO
 			}
+			if len(item.Package) > 0 {
+				// data already migrated hence get package from image_scan_execution_result
+				vulnerability.Package = item.Package
+			}
 			if item.CveStore.Severity == security.Critical {
 				highCount = highCount + 1
 			} else if item.CveStore.Severity == security.Medium {

pkg/security/policyService.go

@@ -242,8 +242,10 @@ func (impl *PolicyServiceImpl) VerifyImage(verifyImageRequest *VerifyImageReques
 			impl.logger.Errorw("error in fetching vulnerability ", "err", err)
 			return nil, err
 		}
+		cveNameToScanResultPackageNameMapping := make(map[string]string)
 		var cveStores []*security.CveStore
 		for _, scanResult := range scanResults {
+			cveNameToScanResultPackageNameMapping[scanResult.CveStoreName] = scanResult.Package
 			cveStores = append(cveStores, &scanResult.CveStore)
 			if _, ok := scanResultsIdMap[scanResult.ImageScanExecutionHistoryId]; !ok {
 				scanResultsIdMap[scanResult.ImageScanExecutionHistoryId] = scanResult.ImageScanExecutionHistoryId
@@ -259,6 +261,13 @@ func (impl *PolicyServiceImpl) VerifyImage(verifyImageRequest *VerifyImageReques
 				Version:      cve.Version,
 				FixedVersion: cve.FixedVersion,
 			}
+			if packageName, ok := cveNameToScanResultPackageNameMapping[cve.Name]; ok {
+				if len(packageName) > 0 {
+					// fetch package name from image_scan_execution_result table
+					vr.Package = packageName
+				}
+
+			}
 			imageBlockedCves[image] = append(imageBlockedCves[image], vr)
 		}
 	}

scripts/sql/251_alter_image_scan_result_repository.down.sql

@@ -0,0 +1 @@
+ALTER TABLE "image_scan_execution_result" DROP COLUMN "package";

scripts/sql/251_alter_image_scan_result_repository.up.sql

@@ -0,0 +1 @@
+ALTER TABLE "image_scan_execution_result" ADD COLUMN "package" text;